A vulnerability in isync could allow remote attackers to perform man-in-the-middle attacks.
Package | net-mail/isync on all architectures |
---|---|
Affected versions | < 1.0.6 |
Unaffected versions | >= 1.0.6 |
isync is an IMAP and MailDir mailbox synchronizer.
isync does not properly verify the server’s hostname against the CN field in the SSL certificate.
A remote server could perform man-in-the-middle attacks to disclose passwords or obtain other sensitive information.
There is no known workaround at this time.
All isync users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/isync-1.0.6"
Release date
October 05, 2013
Latest revision
October 05, 2013: 1
Severity
low
Exploitable
remote
Bugzilla entries